  • Malware Allows Access to Jailbroken iPhones


    Well, we all knew this was coming.

    The Macintosh security firm Intego reports that they have identified malware that will allow hackers to access data on jailbroken iPhones running OpenSSH with the default root password 'alpine.' Unjailbroken iPhones, devices not running sshd, and devices with unique root passwords are not vulnerable to this exploit. Though Intego currently categorizes the risk of the malware as "low," users should act to secure their phones.

    The tool - which Intego identifies as "iPhone/Privacy.A" - works by being installed onto a "Mac, PC, Unix or Linux" computer - or another iPhone - and then scanning the computer's network to find ssh services.

    This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
    When a vulnerable iPhone is found, the hacker can then download all personal data stored on the device: "e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app."

    Intego recommends its own VirusBarrier X5 software to identify and eradicate the software on a Mac, but notes there is no detection tool for other computer platforms, or for the iPhone itself. Users of jailbroken phones should not enable ssh except when needed, and should change their root passwords:
    • install and run "Mobile Terminal"
    • type su root at the shell prompt and tap enter
    • type passwd and tap enter
    • enter alpine for your old password
    • enter new password
    • enter new password again to confirm

    This article was originally published in forum thread: Malware Allows Access to Jailbroken iPhones, started by Paul Daniel Ash.
    65 Comments
      suicidesam -
      So since I can type in "passwd" or "su" and when it asks for the password I can't type anything in. What can I do?
      Gent1eman -
      Originally posted by suicidesam:
      So since I can type in "passwd" or "su" and when it asks for the password I can't type anything in. What can I do?

      It may not show that you're typing (no stars etc.), but if you type in alpine then hit return, the command lines keep coming.
      suicidesam -
      Thanks gent1eman! I changed them
      tudtran -
      Thanks for the heads up
      The Digital Alchemist -
      Has anybody tried using emoji characters for their new password?

      alpine...
      Gent1eman -
      Originally posted by suicidesam:
      Thanks gent1eman! I changed them

      No problem.
      vedavis -
      Even though I have SSH off in SBSettings, I installed MobileTerminal anyway, but it keeps crashing before I get a prompt. I've read other places that the app has not been updated in a while and has problems on 3.1.2. True?
      DCBnG -
      For people a little unsure on if you have OpenSSH installed or not - just open up your SBSettings. By default, there is a toggle for OpenSSH, if the toggle isn't present, you don't have it.

      If you don't have SBSettings - Open Cydia - Click on "Manage" - Click on "Packages" and scroll through the list to see if you see OpenSSH.

      If you are using Rock - Open Rock - Click on "Manage" - Scroll down the page until you get to "Manage Other Installed Packages." It should appear in this list if you put it on your phone.

      If you do have it on your phone - easiest thing to do is install SBSettings and use the toggle to turn it OFF unless you are on a network that you implicitly trust & you really have a need to use it. Otherwise, leave it off.

      As others have said, chances are, if you have no idea what OpenSSH is, you don't have it on your phone.
      wgm214 -
      Originally posted by TooSlo:
      Well, it's not exactly true if you are jailbreaking your device on 3.1.2, as you have to SSH to modify the Services.plist if you want to enable USB connectivity to your phone.

      The only way to actually replace that file is.....

      USING SSH!

      can't u get afc2add from Cydia instead of OpenSSH? otherwise good point, stupid of geohot not to include USB connectivity, especially for people who don't use Cydia.
      Poseidon79 -
      ^^^ There are people in the world that exist that don't use Cydia? That's very sad.
      MJedi -
      Changed password. Thanks for the steps!

      Question: when I pwn my 3GS to 3.1.2 (I'm still on 3.0), do I need to change the password again?
      TooSlo -
      Originally posted by MJedi:
      Question: when I pwn my 3GS to 3.1.2 (I'm still on 3.0), do I need to change the password again?

      Yes.
      hollow0 -
      Originally posted by wgm214:
      can't u get afc2add from Cydia instead of OpenSSH? otherwise good point, stupid of geohot not to include USB connectivity, especially for people who don't use Cydia.

      huh? O.o what does Geohot have to do with this?
      rkisling -
      The instructions are also on Cydia front page under SSH or logging into your phone (link at the bottom of these instructions for changing your password.) These instructions recommend changing the password for both user root and mobile.

      OpenSSH allows you to log onto your phone and change or delete just about anything -- seems obvious to me that unless you change your password, this is a rather obvious security risk.
      ashidar -
      Just turn SSH off via sbsettings. You don't want to leave it on anyway, cause it just wastes your battery. Only turn SSH on when you are going to connect to your phone to do something
      romeo_herman -
      Originally posted by pauldanielash:

      • install and run "Mobile Terminal"
      • type su root at the shell prompt and tap enter
      • type passwd and tap enter
      • enter alpine for your old password
      • enter new password
      • enter new password again to confirm

      Everybody who has changed the "root" password must change the "mobile" password also (please try to open SSH with WinSCP, using user name mobile (not root) and password alpine). If you can still get into SSH, you must change the mobile password also.....
      The right one is here....

      Change the “root” password:
      The easy way to change the root password is:
      install Mobile Terminal from Cydia
      after the install finishes, press the home button to go back to the Home screen
      look for Mobile Terminal, then open it
      type "su" (without quotes), press return
      then password "alpine" (without quotes), press return
      now you are logged in as root
      type "passwd" (without quotes), press return
      type your new password, press return
      retype your new password, press return
      Exit out.
      Change the “mobile” password:
      Open Mobile Terminal
      type "passwd" (without quotes), press return
      type old password: alpine
      type your new password, press return
      retype your new password, press return

      That's it

      After following the instructions, try to log in with WinSCP and enter password "alpine";
      the system will deny it, just type your new password.
      Hope it helps. If it helps, hit the thanks button please.


      Good bye hackers....
      iLaw-One -
      As long as your iPhone/iPod is jailbroken, you need to change both your ROOT and MOBILE passwords in order to be completely safe from these nasties!

      To change your Root Password:

      A: Go to Cydia, click search and install the MobileTerminal app on your iPhone/iPod. Once you have successfully installed MobileTerminal, reboot your device.

      B: Now start MobileTerminal app and type in:
      ‘login’ (without quotes) and then press enter.

      C: Now type ‘root’ (without quotes) as your login.

      D: Once you have logged in as root, type ‘passwd’ command (without quotes) and ‘alpine’ (without quotes) as your current root password, and press enter.

      E: You will now be prompted to enter a new password twice (a mixture of letters, alphabets and symbols usually makes a stronger password…just make sure you can easily remember it…)!

      Congratulations! Your Root password has now been changed.

      To change your Mobile Password:

      A: Still in MobileTerminal app, type in the following command:
      passwd

      B: You’ll be asked for your password, which should be ‘alpine’ (without the quotes).

      C: Next, you’ll have to enter a new one of your choice (twice…to confirm). See step ‘E’ above.

      Once you have done the above, you can go to sleep!!

      Always remember to turn SSH off (in SBsettings) when not needed, and whenever a reboot is done.
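
A way to confirm that the passwd steps in the article and in the two comments above took effect for both root and mobile, as an added example that is not part of the original article or thread. It assumes a BSD-style passwd file (name:hash:... per line, as in /etc/master.passwd) and a copy of that file saved before running passwd; the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: after following the passwd steps, list the accounts whose
# password hash is still identical to a baseline copy taken beforehand.

# hash_of FILE ACCOUNT -> prints field 2 (the hash) of ACCOUNT's entry.
hash_of() {
    awk -F: -v u="$2" '!/^#/ && $1 == u { print $2; exit }' "$1"
}

# unchanged_accounts BASELINE CURRENT ACCOUNT...
# Prints each ACCOUNT whose hash field is the same in both files.
unchanged_accounts() {
    baseline=$1; current=$2; shift 2
    for acct in "$@"; do
        # Accounts that do not exist in CURRENT are not reported.
        grep -q "^$acct:" "$current" || continue
        old=$(hash_of "$baseline" "$acct")
        new=$(hash_of "$current" "$acct")
        # "*" means password login is disabled, so there is nothing to change.
        [ "$new" = "*" ] && continue
        [ "$old" = "$new" ] && echo "$acct"
    done
    return 0
}

# Constructed sample: root's password was changed, mobile's was not.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
# constructed entries; hash fields are placeholders, not real hashes
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:PLACEHOLDER_DEFAULT_HASH:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:PLACEHOLDER_DEFAULT_HASH:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
    sed 's/^root:[^:]*:/root:PLACEHOLDER_NEW_HASH:/' "$dir/before" > "$dir/after"
    unchanged_accounts "$dir/before" "$dir/after" root mobile nobody
    rm -rf "$dir"
}

demo
```

Any name it prints is an account that still accepts the password it had when the baseline copy was made.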
      rwin84 -
      This is such an easy fix... the fact that so many people are being affected by this is really just funny... Saurik told us to change our PW back in the olden days when SSH became available!
      skiptowncat -
      Someone should come up with a tweak that automatically turns ssh off after a respring and/or a set usage time. I always forget that it's left on
      smuggler -
      makes complete sense that this came out, why would anyone be running the default password? it really isn't smart to be walking around day to day with openssh running and with the default password alpine.